Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.

Abstract: Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet. A processing resource of the network device may receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match.

Abstract: In some examples, a system receives a context of an application to request a set of network traffic, the context including a requested behavior of a service enabled by the application, and provides a policy to a network device of a network, the policy to regulate the set of network traffic based on the context, the policy provided to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to a destination or denying transmission of the set of network traffic to the destination.

Abstract: Network service insertion includes determining a tunnel interface corresponding to a service entity to which an incoming packet is to be directed, the tunnel interface being determined based on software defined network (SDN) flow rules. Further, the incoming packet can be encapsulated based on a tunnel configuration corresponding to the tunnel interface to generate an encapsulated packet such that the encapsulated packet includes media access control (MAC) address headers and a virtual local area network (VLAN) tag associated with the incoming packet. The encapsulated packet can be sent to the service entity through the tunnel interface for network service insertion.

Abstract: In some examples, a system receives a context of an application to request a set of network traffic, the context including a requested behavior of a service enabled by the application, and provides a policy to a network device of a network, the policy to regulate the set of network traffic based on the context, the policy provided to the network device to cause the network device to route the set of network traffic based on applying the policy, the routing comprising forwarding the set of network traffic to a destination or denying transmission of the set of network traffic to the destination.

Abstract: In one implementation, an example system may include a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. In another implementation, an example system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. In another implementation, an example method may comprise receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.

Abstract: Examples include a network device to filter a packet for a packet type. The network device includes a filter to receive the packet and to determine whether the packet is a defined packet type. The network device also includes a Bloom filter to receive the packet from the filter based on the determination that the packet is a defined packet type and to determine whether the packet is a matched packet or an unmatched packet. A processing resource of the network device may receive the packet from the Bloom filter based on the determination that the packet is a matched packet and to determine whether the packet is an exact match.

Abstract: An example of a computing system is described herein. The computing system includes a network switch configured to direct network traffic. The computing system also includes a network device to receive the network traffic. The computing system further includes a controller coupled to the network switch. The controller is to monitor network traffic in the network switch and generate a policy to instruct the network switch in selecting a portion of the network traffic to direct to the network device.

Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.

Abstract: Network service insertion includes determining a tunnel interface corresponding to a service entity to which an incoming packet is to be directed, the tunnel interface being determined based on software defined network (SDN) flow rules. Further, the incoming packet can be encapsulated based on a tunnel configuration corresponding to the tunnel interface to generate an encapsulated packet such that the encapsulated packet includes media access control (MAC) address headers and a virtual local area network (VLAN) tag associated with the incoming packet. The encapsulated packet can be sent to the service entity through the tunnel interface for network service insertion.

Abstract: In one implementation, an example system may include a policy engine. The policy engine may receive a context of an application to request a set of network traffic and provide a policy rule to a network device of a network path. In another implementation, an example system may identify a party and a requested behavior of the service and maintain a context to determine a policy rule to regulate a set of network traffic associated with the service based on the party and the requested behavior. In another implementation, an example method may comprise receiving a service request and an authentication, identifying a party, identifying a behavior, and deploying a policy to a network device of a network based on the party and the behavior.

Abstract: A network access apparatus includes a processor and an interface to receive a plurality of packets that originate from a client device. The apparatus also includes a network access module that is to perform a forwarding function on the plurality of packets, to determine whether the received plurality of packets comprise a predetermined type of communication, and to instruct the control module to analyze the plurality of packets in response to the plurality of packets being determined as comprising the predetermined type of communication. The apparatus further includes a control module that is to determine a feature of the plurality of packets received from the network access module, to determine whether the feature matches a configuration of a plurality of predetermined configurations, and to perform a predefined action on the plurality of packets in response to the feature matching the configuration.

Abstract: Data can be stored, at a network device, in a device local reputation score cache. The data can include a reputation score for a domain name. The network device can receive a domain name system (DNS) data unit and determine if a domain name in the DNS data unit has a reputation score stored in the device local reputation score cache.